This action is in response to the communication filed on 3/1/2010.

DETAILED ACTION

Response to Arguments

Applicant's arguments, filed 3/1/2010, with respect to claim 1 have been fully considered and are persuasive. The rejection of claims 1-16 and 49 has been withdrawn.

The examiner notes that two voicemail messages were left for the applicants' representative, Jason Lindh, on 5/3/2010 and 5/6/2010, proposing amendments to place the application in condition for allowance. Neither voicemail was returned. As such, the examiner is issuing the following office action below.

Applicant's arguments pertaining to claims 17 and 33 filed 3/1/2010 have been fully considered but are not found persuasive. The newly claimed limitations have been addressed accordingly below.

Regarding the applicants' argument, with respect to claim 17, that the examiner has failed to address the portion of the claim pertaining to "a partial indication", the examiner does not find the argument persuasive. The claim language requires one of "a none indication" (equivalent to a NACK), "a partial indication", or "a done indication" (equivalent to an ACK). Because the examiner has addressed two of the three options, and the claim language only requires one of the three options, the examiner has shown that the prior art meets this limitation. Therefore, the examiner does not find the argument persuasive.

Regarding the applicants' request for proof regarding the examiners' official notice with respect to claim 17, the examiner directs the applicants to Slaughter et al. (US Patent Number 6,014,669) Col. 6 Lines 15-67, which evidences the knowledge of ACKs and NACKS used in the art of data synchronization. Therefore, the examiner does not find the argument persuasive.

Regarding the applicants' argument with respect to claim 33, that Burch does not teach synchronizing the credentials when the event handler receives a plurality of unique event notifications..., the examiner does not find the argument persuasive. Paragraphs 0040-0044 of Burch show that the principal receives an indication that changes have been made (first event notification) and that the principal receives re-establishment communications from the identity service (second event notification) at which point the credentials are synchronized. As such, the examiner does not find the argument persuasive.



All objections and rejections not set forth below have been withdrawn.

Claims 1-27, 29, 32, 33, 35-44, and 49 have been examined.

Information Disclosure Statement

The information disclosure statement(s) (IDS) submitted on 3/1/2010 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statements.

Claim Rejections - 35 USC §103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:

A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
Claims 33, and 35-44, are rejected under 35 U.S.C. 103(a) as being unpatentable over Burch et al. (US Patent Application Publication 2005/0171872) hereinafter referred to as Burch, and further in view of Brovick et al. ("WINDOWS® 2000 Active Directory™") hereinafter referred to as Brovick, and further in view of Rao et al. (US Patent Number 5,689,706) hereinafter referred to as Rao.

Regarding claim 33, Burch disclosed a system comprising: an event handler to receive event notifications (See Burch Paragraph 0043-0044); and a synchronizing module operatively associated with the event handler to synchronize local credentials and remote credentials if the local and remote credentials are different from one another (See Burch Paragraph 0043-0044), but Burch failed to specifically disclose enumerating local credentials and remote credentials in response to the event notification, or wherein the event notification is at least one of the following: a lock event, and an unlock event. Burch did, however, disclose that the credential stores are directories (See Burch Paragraph 0022).

Brovick teaches that Active Directory is a directory service, which provided replication of data between devices, as well as synchronization of the data between the devices in an Active Directory (See Brovick First Paragraph), and that in order to maintain synchronization between each copy of the directory, each update to a directory is provided with a USN which is compared with USNs in other devices to determine which updates need to be replicated (See Brovick "Keeping Track").

It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Brovick in the credential store system of Burch by utilizing Active Directory to provide the directory service and the synchronization between the credential stores. This would have been obvious because the ordinary person skilled in the art at the time of invention would have been motivated to provide quick and efficient directory services across the distributed credential store.

Rao teaches that in a synchronization system, the operating system can perform a lock function on the replicated data in order to prevent changes to the data during the synchronization (Rao Col. 16 Line 54 - Col. 17 Line 4).

It would have been obvious to the ordinary person skilled in the art at the time of invention to have employed the teachings of Rao in the system of Brovick by performing the synchronization in response to locking the data. This would have been obvious because the ordinary person skilled in the art would have been motivated to prevent the data from being altered during the synchronization operation.



Regarding claim 35, Burch, Brovick, and Rao taught that the credentials include at least one of the following: an encryption credential, a token, an asymmetric key pair, a symmetric key, a digital certificate, an XrML license, an authentication credential, an authorization credential (See Burch Paragraphs 0022-0024).

Regarding claim 36, Burch, Brovick, and Rao taught that a local store manager to enumerate the local credentials for the synchronizing module (See Brovick "Keeping Track").

Regarding claim 37, Burch, Brovick, and Rao taught that a remote store manager to enumerate the remote credentials for the synchronizing module (See Brovick "Keeping Track").

Regarding claim 38, Burch, Brovick, and Rao taught that the local credentials are stored in a local cache (See Burch Paragraph 0053).
Regarding claim 39, Burch, Brovick, and Rao taught that the local credentials are stored in a local cache provided at any number (n) of clients (See Burch Paragraph 0053).

Regarding claim 40, Burch, Brovick, and Rao taught that the local credentials are encrypted using a master key (See Burch Paragraph 0025).

Regarding claim 41, Burch, Brovick, and Rao taught that the remote credentials are stored in a remote cache (See Burch Paragraph 0056).

Regarding claim 42, Burch, Brovick, and Rao taught that the local credentials are stored in a remote cache provided at any number (n) of hosts (see Burch Paragraph 0056).

Regarding claim 43, Burch, Brovick, and Rao taught that the remote credentials are maintained by a remote directory service (See Burch Paragraphs 0022 and 0056).

Regarding claim 44, Burch, Brovick, and Rao taught that the remote credentials are encrypted (See Burch Paragraph 0025).

Claims 17, 18, 20-27, 29, and 32 are rejected under 35 U.S.C. 103(a) as being unpatentable over Burch, and further in view of Brovick, and further in view of Heinrich et al. (US Patent Number 6,510,522) hereinafter referred to as Heinrich.

Regarding claim 17, Burch disclosed a method comprising: receiving an event notification (See Burch Paragraph 0043); and synchronizing the local credentials and remote credentials (See Burch Paragraph 0043-0044) and changing at least one of the local credentials in a first local credential cache (Burch Paragraphs 0043-0044) wherein the credential comprises at least one of the following: a token (Burch Certificate), and an XrML license, but Burch failed to specifically disclose enumerating local credentials and remote credentials in response to the event notification. Burch did, however, disclose that the credential stores are directories (See Burch Paragraph 0022).

Application/Control Number: 10/821,603

Art Unit: 2431

Burch further failed to disclose a synchronization module which: sorts the local credentials and the remote credentials into a local credential array and a remote credential array respectively and linearly compares the local credential array and the remote credential array; and stores a state file for conflict resolution, the state file comprising: a file version; a flag, wherein the flag indicates whether the credential is user protected (but Burch did disclose that some credentials are user protected in Paragraph 0055); and a credential state, wherein the credential state comprises: last time synchronization module called; last time local store changed; and last time remote cache changed.

Burch further failed to disclose that the change to the first local credential was removal from the cache associated with a first device based upon the synchronizing module comparing the local credential array and the remote credential array, wherein the credential removed from the first local credential cache is identified and tagged by the synchronization module in a remote credential cache; and based on the synchronizing module comparing the local credential array and the remote credential array, removing the tagged credential from a second local credential cache associated with a second device, wherein the first device is different than the second device, without rewriting the tagged credential to the remote credential cache. However, addition and deletion of credentials in a credential store was well known in the art at the time of invention, and would have been obvious to the ordinary person skilled in the art at the time of invention. This would have been obvious because the ordinary person skilled in the art would have been motivated to have allowed flexibility in the authorizations granted within the system by allowing authorizations to be granted and taken away.

Brovick teaches that Active Directory is a directory service, which provided replication of data between devices, as well as synchronization of the data between the devices in an Active Directory (See Brovick First Paragraph), and that in order to maintain synchronization between each copy of the directory, each update to a directory is provided with a USN which is compared with USNs in other devices to determine which updates need to be replicated (See Brovick "Keeping Track"). Brovick further teaches keeping track of timestamps of when the local and remote (replicated) data was updated (See Brovick "Conflict Resolution"), and when synchronization was last performed (See Brovick "Intra-Site Replication"). Brovick further teaches that when a change in one local cache is made, the domain controller will mark the change in an up-to-date vector, and then replicate the change in other caches throughout the network without undoing the change (Brovick "Keeping Track").

Further, it was well known in the art at the time of invention to sort data into arrays for linear comparison in order to ease the complexity of the comparison, as well as to use flags to track Boolean properties.

It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Brovick in the credential store system of Burch by utilizing Active Directory to provide the directory service and the synchronization between the credential stores. This would have been obvious because the ordinary person skilled in the art at the time of invention would have been motivated to provide quick and efficient directory services across the distributed credential store. It further would have been obvious to the ordinary person skilled in the art at the time of invention to have sorted the local and remote credentials into a local and remote credential array, and then linearly comparing the arrays to determine conflicts which need to be resolved. This would have been obvious because the ordinary person skilled in the art at the time of invention would have been motivated to ease the complexity of the comparison for determining conflicts between the servers. In this combination, the USN reads on the claimed version number. Further still, it would have been obvious to the ordinary person skilled in the art at the time of invention to have stored a flag for each entry in the credential store to track whether the entry was personal (user protected) or not. This would have been obvious because the ordinary person skilled in the art would have been motivated to utilize a well known method for tracking Boolean properties to track the Boolean property of personal entry or not. Even further still, it would have been obvious to the ordinary person skilled in the art at the time of invention to have employed the teachings of Brovick in the synchronization system by marking the deletion of a credential from the cache, and propagating the change to the other caches in the network. This would have been obvious because the ordinary person skilled in the art would have been motivated to synchronize the caches.

Burch further failed to disclose that the event notification comprised an unlock event.

Heinrich teaches that credentials can be protected from alteration by locking access to the memory locations containing the credentials, and that upon unlocking the memory the credentials can be updated (Heinrich Abstract).

It would have been obvious to the ordinary person skilled in the art at the time of invention to have employed the teachings of Heinrich in the system of Brovick by locking and unlocking the memory locations holding the credentials, and performing the synchronization in response to unlocking. This would have been obvious because the ordinary person skilled in the art would have been motivated to prevent the data from being altered outside of the update and synchronization operations.

Further still, Brovick failed to specifically disclose handling errors, wherein error handling comprises returning a write state indication of a status of a credential write operation, wherein the write state indication consists of one of the following: a none indication, wherein the none indication comprises an indication that the credential was not altered; a partial indication, wherein the partial indication comprises an indication that the credential was partially altered; or a done indication, wherein the done indication comprises an indication that the credential was successfully changed. However, it was well known in the art of data transmission and synchronization at the time of invention to provide an acknowledgement of successful synchronization in the event that the synchronization of the data was completed successfully. As such, it would have been obvious to the ordinary person skilled in the art at the time of invention to have employed ACKs and NACKs of successful completion of synchronization. This would have been obvious because the ordinary person skilled in the art would have been motivated to ensure the synchronization operation was successful.

Regarding claim 18, Burch, Brovick, and Heinrich taught that synchronizing the local credentials and the remote credentials is based on at least one time-stamp associated with the local credentials and at least one time-stamp associated with the remote credentials (See Brovick Conflict Resolution).

Regarding claim 20, Burch, Brovick, and Heinrich taught writing at least one of the local credentials to a remote credential cache (See Burch Paragraph 0056).

Regarding claim 21, Burch, Brovick, and Heinrich taught writing at least one of the remote credentials to a local credential cache (See Burch Paragraph 0053).



Regarding claims 22-23, while Burch, Brovick, and Heinrich taught that changes in local credentials are duplicated in the remote credential store, and vice versa, they failed to specifically disclose deleting remote credentials. However, addition and deletion of credentials in a credential store is well known, and would have been obvious to the ordinary person skilled in the art at the time of invention. This would have been obvious because the ordinary person skilled in the art would have been motivated to have allowed flexibility in the authorizations granted within the system by allowing authorizations to be granted and taken away.

Regarding claim 24, Burch, Brovick, and Heinrich taught modifying at least one of the local credentials at a local credential cache based on at least one of the remote credentials (See Burch Paragraph 0053).

Regarding claim 25, Burch, Brovick, and Heinrich taught modifying at least one of the remote credentials at a remote credential cache based on at least one of the local credentials (See Burch Paragraph 0056).

Regarding claim 26, Burch, Brovick, and Heinrich taught updating a list of local credentials (See Brovick "Keeping Track").

Regarding claim 27, Burch, Brovick, and Heinrich taught updating a list of remote credentials (See Brovick "Keeping Track").

Regarding claim 29, Burch, Brovick, and Heinrich taught determining a state of the remote credentials dynamically (See Brovick "Intra-Site Replication" and "Inter-Site Replication").

Regarding claim 32, Burch, Brovick, and Heinrich taught resolving a conflict of state between the local credentials and the remote credentials (See Burch Paragraph 0044 and Brovick "Conflict Resolution").

Claim 19 is rejected under 35 U.S.C. 103(a) as being unpatentable over the combination of Burch, Brovick, and Heinrich as applied to claim 17, and further in view of Yianilos et al. (US Patent Application Publication 2002/0029214) hereinafter referred to as Yianilos.

Burch, Brovick, and Heinrich disclosed detection of changes between local and remote credentials, but failed to disclose that the synchronizing was based on a comparison of hash values.

Yianilos teaches an alternative method for detecting differences between entries in a synchronization system which involves generating a hash for the local data and a hash for the remote data, and comparing the hashes, wherein if the hashes are different then a change has been detected and synchronization is required (See Yianilos Paragraphs 0083 - 0084).

It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Yianilos in the synchronization system of Burch, Brovick, and Heinrich by detecting changes by comparing hashes of the local and remote credential stores. This would have been obvious because the ordinary person skilled in the art would have been motivated to minimize the network traffic generated by the synchronization.






Allowable Subject Matter

Claims 1-16, and 49 are allowed.

The following is a statement of reasons for the indication of allowable subject matter:



The applicants' arguments have been found persuasive. While the prior art does teach enumerating and synchronizing credentials in response to various events, the prior art does not teach the specific combination of limitations as claimed. For example, the prior art does not teach enumerating credentials in response to each of a lock event, a startup event, a shutdown event, a logon event, a logoff event, an unlock event, a session event, a timer event, a manual request, and a credential update event, evaluating local and remote credentials based upon the enumerating, and synchronizing the local and the remote credentials based upon the evaluation.

Conclusion

Claims 17-27, 29, 32, 33, and 35-44 have been rejected.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW T. HENNING whose telephone number is (571)272-3790. The examiner can normally be reached on M-F 8-4.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, William Korzuch can be reached on (571)272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Matthew T Henning/

Primary Examiner, Art Unit 2431



